Installation of Active Directory on Windows 2000 Advanced Server

Materials:

Working complete PC
Blank Diskette
Student Diskette, "New Boot A Ver 2.0+"
Student CD-ROM, "Room 6359"

Objectives:

The student will become familiar with:

The Microsoft networking Domain model,
Installation of the Active Directory Service.

Competency:

The student will begin learning about the Microsoft networking Domain model and how to install, configure and use the Active Directory service on the Windows 2000 server. The student will also learn how to launch and use the control panel and Microsoft Management Console tools that are used to administer the domain once the domain controller has been built.

Preparation

This is the next in a series of exercises that lead the student from the installation of Windows 2000 Server on a system through the construction of a network infrastructure in which a small single server LAN is built up. (See the list of exercises).

This tutorial is an integral component of the installation of a single standalone Windows 2000 Domain Controller as the first server of a new network. This series of tutorials will take the student through the process from start to finish:

Promotion of the Windows 2000 Advanced Server to a Domain Controller (This module)

Before beginning the installation of Active Directory on the small LAN you must have already completed: installation and configuration of all NICs and TCP/IP, installation and configuration of DNS, and installation and configuration of DHCP. In the older Windows NT 4.0 terminology, installing Active Directory makes the server into a Domain Controller, so the installation of Active Directory is the act of Promoting the server to this role. If all of the above has been done, proceed to the sections below.

Procedures

Open Start > Run, type "dcpromo" and click OK:

This launches the Installation of Active Directory Wizard. Click Next:

Immediately we are faced with some serious questions which must be answered absolutely correctly. This will be a new Domain Controller for a NEW domain which will be created along the way. DNS must already be up and running AND the controller will want the DNS name of the domain that it will be controlling. For clarity here, the DNS server is already up and running as a root server of the domain name domain1.com. This server will now become the domain controller of that same domain. Click Next:

Since ours is the first domain controller on the network and the first domain as well, then this will not be a child of an existing domain. Therefore accept the choice "Create a new tree" and click Next:

Again, being the first system to employ Active Directory on this network there are no other trees existing already either so create a new forest and click Next:

Here type in the full DNS name of the new domain, which as already stated is up and running in the DNS server as "domain1.com", and click Next:

Accept what the system offers as a NetBIOS name and click Next:

Don't forget where the Active Directory database and logs are about to be created. Accept the default location offered unless you want to put them on a RAID-5 or something crazy like that and click Next:

Note the name of the Active Directory shared folder and click Next:

This may be occurring because the DNS service is being installed and configured and then AD is being installed right behind it. Perhaps a couple dozen more reboots and the AD wizard would find the DNS service. In the meantime, tell it "No". As it turns out, the AD wizard will find the DNS service later as the installation proceeds anyway. Click Next:

This is a critical choice also. A Windows 2000 only network is certainly more secure from a functional standpoint (no super powerful DOS tools can run anywhere!), but once you make the decision there will be no support for Windows 9x or DOS in the domain. Usually in class you should choose Pre-Windows 2000 server support. Click Next:

Here's another password. Apparently the Restore mode is fairly powerful and bypasses quite a bit of the security locks, which is why another password is needed, so in the real world this should be different and long winded. Here make it the same as the Administrator's and click Next:

The wizard in typical Windows 2000 fashion displays a summary of your choices for your perusal. Click Next to begin the actual installation:

The progress indicator will run for quite a while, even on the room systems, which have almost no settings or accounts other than the defaults. Expect it to take a long time on existing servers doing real work, and be prepared for that. Don't expect the server to do real work during any upgrade, configuration or installation of packages, settings, or components:

Finally the Finish page appears. Click the Finish button:

Unfortunately, despite the improvements in Windows 2000, this change in role is the largest one possible, and with this installation the network has effectively changed from Peer-to-Peer into a Client/Server network in the Microsoft technologies. We will give them a pass on this one. Click Restart to reboot the system:

Post Reboot Procedures

In the Windows NT 4.0 era it was easy to install NT Server on any computer with a NIC on the network and install and enable DHCP. Now your server works and you probably chose a bad address pool. Any machine that happens to make a DHCP request will probably get an offer from the "rogue" server before the real, hard-at-work server can respond. As a result the rogue will start handing out bogus IP addresses to machines on the network, and now they can't access anything on the network. Sounds like a major pain. To prevent rogue DHCP servers in the Windows 2000 network, DHCP servers must now be authorized at the Domain Controller level or they will not participate in DHCP on the network. Therefore your server will not work right now as expected because, upon installation of AD, the DHCP server has been deactivated until it gets authorized. Open the DHCP choice from Start > Programs > Administrative Tools:

Open the Action menu and click Authorize. Note that the process for some strange reason takes a long time even when the DHCP service and the AD service are both on the same server. You can keep pressing the [F5] key until the little red down arrow on the server name turns into a little green up arrow. At that point the DHCP service is up and running again and now the entire domain is complete and operational:
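
The rogue-server problem described above can also be watched for on the wire, because every DHCP server reply names its sender in option 54. The following added example (not part of the original tutorial) parses server replies and flags any whose server identifier is not on an authorized list or whose offered address falls outside the expected pool; the addresses, the authorized list and the function names are constructed for illustration.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header
OFFER, ACK = 2, 5            # option 53 values that only a server sends

def parse_dhcp(payload):
    """Return (message type, offered address, server identifier) of a DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    yiaddr = ipaddress.IPv4Address(payload[16:20])
    msg_type, server_id, opts = None, None, payload[240:]
    while opts and opts[0] != 255:                   # 255 = end option
        if opts[0] == 0:                             # 0 = pad, has no length byte
            opts = opts[1:]
            continue
        if len(opts) < 2 or len(opts) < 2 + opts[1]:
            raise ValueError("truncated option")
        code, value, opts = opts[0], opts[2:2 + opts[1]], opts[2 + opts[1]:]
        if code == 53 and len(value) == 1:           # DHCP message type
            msg_type = value[0]
        elif code == 54 and len(value) == 4:         # server identifier
            server_id = ipaddress.IPv4Address(value)
    return msg_type, yiaddr, server_id

def find_rogue_replies(payloads, authorized, pool):
    """Flag server replies from unlisted servers or offering addresses outside the pool."""
    findings = []
    for payload in payloads:
        try:
            msg_type, yiaddr, server_id = parse_dhcp(payload)
        except ValueError:
            continue                                 # not DHCP: ignore
        if msg_type not in (OFFER, ACK):
            continue                                 # client message, not a reply
        if server_id not in authorized:
            findings.append((str(server_id), str(yiaddr), "unauthorized server"))
        elif yiaddr not in pool:
            findings.append((str(server_id), str(yiaddr), "address outside pool"))
    return findings

def sample_reply(msg_type, yiaddr, server_id):  # constructed test data, not a capture
    ip = lambda a: ipaddress.IPv4Address(a).packed
    header = b"\x02" + bytes(15) + ip(yiaddr) + bytes(216)   # op = BOOTREPLY
    return header + MAGIC + bytes([53, 1, msg_type, 54, 4]) + ip(server_id) + b"\xff"

AUTHORIZED = {ipaddress.IPv4Address("192.168.1.1")}  # constructed; not from the tutorial
POOL = ipaddress.ip_network("192.168.1.0/24")
SAMPLES = [sample_reply(OFFER, "192.168.1.100", "192.168.1.1"),
           sample_reply(OFFER, "10.0.0.50", "192.168.1.77"), b"junk"]
print(find_rogue_replies(SAMPLES, AUTHORIZED, POOL))
```

Authorization in Active Directory only restrains DHCP services that check the directory before starting, so a check like this also covers devices that never ask.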